Secure Cookie

What Does Secure Cookie Mean?

A secure cookie, also known as httpOnly cookie, is a type of cookie that only works with HTTP/HTTPS and does not work for scripting languages like JavaScript. Since it is only used in storing information and used for hypertext transfer protocol requests and data over the internet, exploits and hacks made through scripting are unable to access them. So a secure cookie’s main benefit is that it can stop theft through cross-site scripting (XSS).


Techopedia Explains Secure Cookie

A secure cookie always has the secure attribute activated, so it is used mostly via HTTPS and securely transmitted with encrypted connections. The httpOnly flag in the secure cookie header ensures that JavaScript or any non-HTTP methods cannot access the cookie. The cookie works through the assistance of two headers: set-cookie and cookie. The job of the set-cookie header is to create a secured cookie on the user’s system in response to a http request. While the cookie header is part of the application with an http request sent to the server to validate if there is a secure cookie that matches the domain and path requested.

The secure attribute and httpOnly flag work together to ensure that the browser is able to restrict access to the secure cookie data from malicious scripts that may have infected the browser or the network. This mitigates many of the damages that many XSS attacks can cause, specifically those that target cookies.


Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…